Description
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
- Attack Vector
- network
- Complexity
- high
- Privileges
- none
- User Action
- required
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- low
- Availability
- high
- Weaknesses
- CWE-835CWE-835
Metadata
- Primary Vendor
- FEDORAPROJECT
- Published
- 5/14/2024
- Last Modified
- 11/3/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
fedoraproject : fedorafedoraproject : fedorawireshark : wiresharkwireshark : wiresharkwireshark : wireshark
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.